Interactive CLI to scaffold monorepo projects for onchain AI agents
LPM treats this as warn-only first-party agent extension lifecycle risk. A user-run scaffold command can create project-local MCP configuration that invokes external MCP packages through `npx`. It can also upload user-supplied secrets to OneClaw's vault service.
Source appears to send environment or credential material to an external endpoint.
dist/cli.jsView on unpkg · L6A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli.jsView on unpkg · L6This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L10974Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L2022Package source references dynamic require/import behavior.
dist/cli.jsView on unpkg · L2400Source appears to send environment or credential material to an external endpoint.
dist/cli.jsView on unpkg · L6A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli.jsView on unpkg · L6This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L2022Package source references dynamic require/import behavior.
dist/cli.jsView on unpkg · L2400A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L10974